A warning! believe nothing from this book.Except what you know to be true.Test the knowledge, find your truth,experience your death.Do not edit or change this book.Or the message contained within.Either the words or their numbers For all is sacred!

Server was logging all our IPs and list was accesable to everyone. Now Cicada fixed that Apache vulnerability.

A short text to explain magic behind this :

Cicada uses the Apache server. Apache servers offer a server-status page which is available only from localhost for local use only, and usually not available to the outside user. This page gives various information about apache's status for the administrator.

To configure a hidden service with Tor and Apache, usually you add TOR as a proxy, so all the requests between the TOR network and apache are made through a localhost address. Best pratice in security is to not use Apache with TOR, and if you do it, you should reconfigure it. This was not the case here. The page changed some hours after this discovery, it was clearly a unplanned security vulnerability, and Taiiwo found it.

Until a more detailled explanation is provided, help yourself with this logs :

We got Book Page 4 (or is that LAST PAGE?) form the server-status page Onion 3 ver3Edit

regarding the server-status page not changing - it is static. all the times and dates etc do not change. it's a mock-up of a real page. BUT - there are things to note about the mock-up
==========================================================
Current time is "Thursday, 06-Jan-2014 00:13:17"
Restart time is "Tuesday, 06-Jan-2014 00:13:17"
13 is a prime
17 is a prime
06 Jan was not a Thursday or a Tuesday! It was a Monday.
Current and Restart time should not be the same!
06-Jan-2014 00:13:17 was just under 7 hours before the first picture was tweeted
==========================================================
Server uptime: 1 days 0 hours 33 minutes 14 seconds
^ ^ ^^
= "1033"
==========================================================
(Current time) minus (Server uptime) gives a Restart time and date of 04/01/2014 23:40:03
* question - why fabricate the page and not get the numbers to match up? they've put so much care into other things they have produced
* what relevance are we to infer from the other details on the page, such as server build time, total accesses, total traffic etc etc?
* to note: Apache 2.2.22 was not the current version when this server was built (Jul 12 2013 13:37:15) perhaps the version number or date are significant
* Apache version is given as "Apache/2.2.22 (Ubuntu)" at the top of the document, but "Apache Server" at the bottom of the page. This is not the same as http://www.apache.org/server-status where it's the same. can anyone with more knowledge of Apache comment if this is unusual?

Long string on updated SERVER-STATUS PAGE containstwo images, both exactly the same, byte by byte. One from beginning of string and second from end of tring towards start and reversed. Just like it was on onion 2.

But in between there was chunk of data (we call that OOB TABLE) . Should be in the logs bellow.

That chunk of data is after doing some hex>bin magic (explanation below) the same as 5X5 table in second paragraph of jpg.

People say that second paragraph doesnt mean anything, its only words.

To replace runes with numbers we can do OOB TABLE hex>bin twice magic, or we can simply count runes values from gematria primus.

Noticed immediately was an obvious JFIF (JPEG File Interchange Format ) header (0xffd8ffe0). The second most obvious observation is that the end of the file contained another JFIF header but with the bytes reversed (0xe0ffd8ff).

Next:

1. The JFIF EOF (end of file) marker was found in the hexadecimal. It looks like:

ffd9

Also noticed, was that there was a corresponding reversed end of file marker after the forward marker:

d9ff

2. The differences between the image data forward and backward were examined. Creating an image out of the hexadecimal as follows:

xxd -p -r < server-status.hex > server-status.jpg

one gets a JPEG file as expected. If one reverses the binary JPG file

reverse < server-status.jpg > rev.server-status.jpg

it will appear that one gets the same image.

3. However, checking the differences between the forward and reverse images, it is found that data between the EOF and reverse EOF markers (aka OOB or Out of Bound data) is different:

cmp -l server-status.jpg rev.server-status.jpg

From the reversed image, the differing data looks like this (in hexadecimal):

6. After one more application of xxd to convert to binary, we obtained the following 5x5 matrix of numbers as output. It should be noted that these are some of the same numbers as in the JPEG image in which they are contained, and appear to be in the same matrix.

To get out both identical jpgs copy long string to some hexeditor like HxD.First jpg is from first two bytes 0xFF 0xD8 to bytes 0xFF 0xD9. Second jpg is after OBB string and it starts with 0xD9 0xFF until last two bytes: 0xD8 0xFF. But it needs to be reversed, Wich can be done by Reverse-Text-Generator; press Reverse Wording. So that first byte becomes last and last byte bocomes first, while two hex bytes remain unchanged.

To get jpgs just copy those strings in new fiel in hex editor and save as jpg.

OOB string (Out Of Bounds, after EOF bytes 0xFF and 0xD9)
This is rest of string in the middle between two jpgs in hex:

Now, totients. I interpret this as follows, which might not be the only or best way to proceed, but just to be clear:
I look for numbers (again, in matrix notation) that could be the output of the totient function.
totients = {12, 22, 24, 32, 42, 44, 52, 54}
so "totients" are: 138, 199, 320, 245, 320, 199, 131, 138
"totients" in the combined number/rune matrix are: 138, buffers, carnal, obscura, analog, mournful, 131, 138

So we have 15 of the 25 cells are "primes" or totients" as defined this way. Now I am stuck but someone might find this useful.

Or, converting from mod(29) to runes - place in runes table used since few of these are primes
I (i)NG (i)NG A P F OE EO B F P A X (i)NG (i)NG [which looks like nonsense to me]

Then I tried looking only those cells in the runes/numbers matrix that were numbers only to runes

- there has to be a reason that they gave us this table in the order they did, no? The numbers, in the order they appear, are 272 138 226 18 131 138. But mod(29) on these would give us too few numbers, and factoring these to prime factors doesn't seem useful.

So... this seems like a dead end, but it is a way of thinking about the matrix I have not seen on here before. Maybe someone will find it useful? If nothing else, it gives a logical basis for a 3x5 or 5x3 matrix should that prove useful.

The totient is never an odd number (exept 1) so the replacement is not possible for odd non-primes. Positions were the original matrix contained odd non-primes are marked by ???. Note that this is no longer a magic square and also cannot be made one by choosing numbers for the ???.

The non-replaceable numbers are associated with the words (obscure, shadows, form, cabal).

First "Russian Alphamagic Square"discovered by ASU professor and student

After more than a decade of research, trials and errors, Professor Lee B. Croft and math student Samuel Comi of Arizona State University (ASU) announce the discovery of the first Russian Alphamagic Square.

Dr Croft (left) is Head of the Faculty of German, Romanian, and Slavic Languages; School of International Letters and Cultures. Samuel Comi (right) is a student in Croft's RUS-212 Russian Conversation course, a sophomore mathmatics major, and active in the Chess Club. Croft had been researching the problem for over 10 years, then Comi wrote a computer program that found the solution in one weekend.

Croft and Comi call their discovery the "Lee Sam," (a pun on Croft's Russian signature "Ли сам") and Sam's name. They gratiously advise everyone to keep a copy of it in their possession, so as to extend their life by 36 years. Magic Squares are ancient Chinese good luck charms.

"An alpha-magic square is a math puzzle in which the numbers of letters needed to spell the numbers also form a magic square … so that the array above adds to a constant sum of 216 on any row, column, or diagonal AND the numbers of Cyrillic letters needed to spell the Russian names of the numbers in this array, or precisely 15, 9, 12 / 9, 12, 15 / 12, 15, 9, also adds to a constant sum (36) on any row, column, or diagonal."

"The concept of alpha-magic squares is derived from a fifth-century Anglo-Saxon runic charm called by the discovering scholar Lee C.F. Sallows of Holland the 'Li Shu' (since the very first discovered magic square in China, circa 2300 B.C. is called the 'Lo Shu')."

"The alphamagic square represents a very rare confluence of 'magic' between the world of numbers and the world of letters. The runic original was reputedly devised by an anonymous wizard of Legendary King Mi (perhaps King Ida (550-616 AD)) to extend by its magic the King's life by the number of years of the secondary square's magic sum."

More than 10 years of research to find a solution

Dr. Croft was a former math major and has been fascinated by magic squares for a long time. He says, "I encountered the alphamagic square work of Lee Sallows about ten years ago. I made an initial attempt to find a Russian one and failed. I revived the effort inspired by math-puzzlist extraordinaire Martin Gardner who proved mathematically that the third-order magic cube is impossible."

Croft reports:

"But I had produced an earlier 'semi-magic' 3 x 3 x 3 cube by triply applying the 'Siamese method' to adjacent two-dimensional squares and had some partial success with a Russian magic square with a semi-magic (one diagonal out) logorithmic square, and a semi-magic 4x4 square with a magic logorithmic."

"In 2007 last semester, I began to try to enlist people of computer savvy to apply Sallows' ALPHA.BAS variation of Pascal to a list of Russian logorithms. I asked a math professor, a math-major former student, even our department computer wizard. I think I failed to completly explain the problem and provide them with enough information. I got no where."

"Over Christrmas break I just about wore out a ream of paper trying to find the needed concentric constant-difference triples and came tantalizingly close, as it later turned out. But when I returned to ASU this 2008 semester I presented the idea to my RUS-212 class (a real conglomeration of young geniuses) in which was student Sam Comi, and he immediately proposed to do a complete rewrite of the problem in Javascript. So I armed him with Sallows' articles (there are actually two), his Pascal-based computer program, the Edouard Lucas formula for general 3x3 magic squares, and the list of Russian logorithms."

"Sam Comi found the Russian magic square over a single weekend!"

News of this discovery will be published in several mathmatical journals and presented at conferences. Dr. Croft did their first public presentation — “The Search for a Russian Alphamagic Square”(download PDF) — at the AATSEEL meeting, University of Arizona, Tucson on April 19. An article about this discovery entitled "Russian Alphamagic Squares" by Lee B. Croft and Samuel Comi has been accepted for publication in Word Ways: The Journal of Recreational Linguistics, and they plan to also submit to The Journal of Recreational Mathematics. More news about publications later.

This is the actual "Li Shu," the first runic charm containing it discovered by Lee C. F. Sallows. King Mi was reputedly 45 years old (the first magic sum) and the wizard who made it for him was likely 21-years old (the logorithmic magic sum).

Dr. Croft points out, "The listed lifespan of King Ida (whom I think is the King referred to in Sallows' source as "King Mi") is precisely 66 years (the sum of the Li Shu's primary constant of 45 and the logorithmic constant of 21, the anonymous wizard's age ... so that the wizard devised a charm that added his age to that of his King ... and the King lived so long)."Back to Russian Arizona NEWS

Alfa-magic squares

The Origin of Tree Worship is a scientific book (published in 1887) about the habits of the Druids. Lee Sallows (analyzing runes as amateur) discovered in the book a formula written in runes. When Lee had decoded the formula he discovered an impure 3x3 magic square and he firstly could not imagine what was special about this magic square. Lee wrote the digits of the magic square down in runes. He counted the characters of the words in runes and put the results in a new square. This square happened to be magic just like the original magic square. Such a magic square is defined as an alfa-magic square. See below an alfa-magic square in english language.

Since the discovery of Lee Sallows alfa-magic squares have been made in different languages.

Also special is the “magic” square below. This magic square was engraved two thousand years ago in a post in the city Pompeii. The 5x5 magic square is filled with the characters of a Latin sentence. This sentence can be read backwards as well, and you get the same sentence (= palindrome). The sentence is: “SATOR AREPO TENET OPERA ROTAS”. In english it means: “Sower Arepo keeps the world turning”.

This square maintains the 1033 sum on rows, columns and diagonals whilst encoding a Google IP address. To retrieve the IP address simply read three values down the first column and one value from the second column.

<761> counts with gematria [patience is a virtue] 634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724cd48e1a81fc9bab3565f7513e3e368cd0327b47cf595afebb78d6b5bca92ba021cd6734f4362a0b341f359157173b53d49ea5dff5889d2c9de6b0d7e8c615286ce596bfa83f50b6eeabd153aaf50cd75f39929ba11fb0f8e8d611442846

QUESTION TO ALL; how do we know that the creator of 3301 puzzle is not adding, changing, commenting or even running this page, how can you trust something, when you don’t know what something is, just a thought, has anyone looked at this page deeply, because if i am the creator, this is the first place i would go, what i have found so far hint look into bitcon, saying no more!

[Edit] -> It's highly probably they are in close contact with us. If you wanted the brightest minded to solve your puzzles you'd pay very much attention the ones who are solving it, that way you would be sure you got the best.

[Edit] -> We do not know.

[Edit2] -> It's only after we've lost everything that we're free to do anything. - Fight Club

SOON AFTER STRING STOPPED UPDATING AND WE FOUND NEW THINGS ON SERVER STATUS PAGEEdit

This means that cicada noticed we found that logs on server!

The original server-status page was changed with a static page where a long hexadecimal string was found. Note the mistake on the current and restart dates with different days, moreover being the 6th a monday and the uptime change according to the previous logs grabbed.

IMPORTANT! Regarding the server-status

regarding the server-status page not changing - it is static. all the times
and dates etc do not change. it's a mock-up of a real page. BUT - there are
things to note about the mock-up
==========================================================
Current time is "Thursday, 06-Jan-2014 00:13:17"
Restart time is "Tuesday, 06-Jan-2014 00:13:17"
13 is a prime
17 is a prime
06 Jan was not a Thursday or a Tuesday! It was a Monday.
Current and Restart time should not be the same!
06-Jan-2014 00:13:17 was just under 7 hours before the first picture was
tweeted
==========================================================
Server uptime: 1 days 0 hours 33 minutes 14 seconds
^ ^ ^^
= "1033"
==========================================================
(Current time) minus (Server uptime) gives a Restart time and date of
04/01/2014 23:40:03
* question - why fabricate the page and not get the numbers to match up?
they've put so much care into other things they have produced
* what relevance are we to infer from the other details on the page, such
as server build time, total accesses, total traffic etc etc?
* to note: Apache 2.2.22 was not the current version when this server was
built (Jul 12 2013 13:37:15) perhaps the version number or date are
significant
* Apache version is given as "Apache/2.2.22 (Ubuntu)" at the top of the
document, but "Apache Server" at the bottom of the page. This is not the
same as http://www.apache.org/server-status where it's the same. can anyone
with more knowledge of Apache comment if this is unusual?
source: http://pastebin.com/5iRnfLkm

The hex string started with FFD8... suggesting this was a jpeg which was confirmed later.

perhaps we are not looking for the totient function of 131,151 and 199 seeing as "the primes are sacred" and the totient function of these numbers isn't a very useful output? could the output we're looking for not be...?

[02:28] <masso> Guys, we found out there is most likely some outguess in the rune-pic from the server, encrypted with password or keyfile...[02:28] <masso> http://prntscr.com/2i0786[02:28] <masso> http://prntscr.com/2i073p[02:29] <masso> pics show definitely the same pattern that outguess does

[02:37] <masso> Outguess changes the RGB colour values to hide information in jpgs.[02:39] <masso> With colour correction and by changing brightness/contrast you can see this modified pixels.[02:40] <masso> Usually outguess doesn't change plain white px,but only modifies the coloured ones.[02:41] <masso> The rune picture from the server has clearly this modifications in the runes, as seen after doing some colour/contrast magic in PS.[02:42] <masso> Means, most likely there is some outguessed message in the pic, but protected with a keyfile or password.

short growing 265 bytes string from onion 2 (should be on main 2014 page 2)

string on onion 3 that is still updatin

any ther string from which we got our jpgs

all strings couls be reversed

or xored

with 0xff

Key pasword could be:

something hinted on last runes jpg

we have 3 primes in 5x5 table, 131 or 151; and 199

(from the three primes only 199 has words on the table: "buffers" and "mournful")

all ways adds up to 1033, we need list of words that "count" 1033

131+151+199 = 481

<mlehmk> wordlists https://www.dropbox.com/s/6p6rs6jv1j0052n/sum_checked.7z filtered with hunspell<mlehmk> nope, it's wordlists categorized<mlehmk> category is gematria<mlehmk> ex. file 151.txt contains all the words where gematria sums up to 151<mlehmk> one problem is the letter "q" which I translated to "cw"<mlehmk> giving q the value 32, but it could be 113 as well, extending the gematria

each line is an operation on only 1 number from the matrixlike first number 272the first line is equal to = 272^d mod nwhich is huge obviouslynext line is 138^d mod nfor the other block, encryptionfirst line = 272^e mod nnext line = 138^e mod nsimple RSAonce for each of the 25 numbers in the matrix

"ALL THINGS SHOULD BE ENCRYPTED"
it's an instruction. but it could also be self-referencing,
so "ALL THINGS" should be encrypted.
cicada has given us an encryption key (the matrix.
a l l ? th ing s
97 73 73 ? 5 79 53 = "97737357953" is the string
========================================================
they also gave us a message in the server-status header when they made it
static yet changed some details
original pastebin that someone made of the live server-status:
http://pastebin.com/je6Yudvh
cicada saw this and used to create a mockup with the jpeg data appended,
but they changed some details in the header
see here: http://pastebin.com/DKUsuXH6
differences between the two highlighted here:
http://i.imgur.com/Au7guIx.png
The new digits (arranged per line) are:
613 IS PRIME
6017 NOT PRIME so calculate totient function = 5460
1033 IS PRIME
72 NOT PRIME so calculate totient function = 24
3 IS PRIME
"61360171033723" is the string you get
========================================================
I don't know how to do these ciphers
could someone please try encrypting these two strings with
- the original 5x5 matrix
- the totient-substituted 5x5 matrix
both available here: http://pastebin.com/ZmH2LPhJ
source:http://pastebin.com/pU5VhM6Y

<1033> [for every thing that lives is holy] <----i am not sure if that comment is correct, wasnt that qote from .onion 1 ? 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee743297817febd7741ededf07ca0c7e8b1788ea4131441a8f71c63943d8b56aea6a45159e2f59f9a194af23eaabf9de0f3123c041c882d5b7e03e17ac49be67cef29fbc7786e3bda321a176498835f6198ef22e81c30d44281cd217f7a46f58c84dd7b29b941403ecd75c0c735d20266121f875aa8dec28f32fc153b1393e143fc71616945eea3c10d6820bd631cf775cf3c1f27925b4a2da655f783f7616f3359b23cff6fb5cb69bcb745c55dff439f7eb6a4094bd302b65a84360a62f94c8b010250fcc431c190d6ed8cc8a3bfce37dddb24b93f502ad83c5fa21923189d8be7a6127c4105fcf0e5275286f2

<761> [patience is a virtue] 634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724cd48e1a81fc9bab3565f7513e3e368cd0327b47cf595afebb78d6b5bca92ba021cd6734f4362a0b341f359157173b53d49ea5dff5889d2c9de6b0d7e8c615286ce596bfa83f50b6eeabd153aaf50cd75f39929ba11fb0f8e8d611442846

well, imho the solution is only to find out the words or numbers or
something
maybe with a little math or something, but I can't imagine we have
to go that far to include RSA and things
i'm currently trying to code a way to come up with the words. 29!
combinations so need to come up with an efficient way to do it.
guys, may I place my thoughts here:
<masso> but yea... XOR, Blake, Matrix, crypto... a lot of things somehow
related to our runes thing
<masso> and still I think we are thinking to complicated...
<masso> what if we only need to find the correct words for the numbers
and ie. https://fv7lyucmeozzd5j4.onion/[PUT WORD HERE].jpg gives us a new jpg?
<masso> or each missing word gives us one...
<iII> they have left their onion up
<iII> once we're "done" with it
<masso> yeah, maybe we're not done with it yet
<masso> I re-read a lot of things 2012/13 in the past day. They never
really mixed old codes/ciphers with modern ones.
<masso> like a book cipher is a book cipher. nothing else. solve it
and you get a new link/hint/whatever...
<masso> and a modern thing like RSA is RSA, no poetry, history, mythology
whatever...
<iII> that's pretty true
<masso> what a bunch of ppl doing now is mixing old and new things,
that's what I somehow... say dislike - It simply doesn't sound like the 'right' approach for me. Mixing runes and RSA is... idk how to say, not the way to go imho.
:D
<iII> it was usually obvious when we were doing crpyto or like,
history
<masso> yeah.
<masso> imho it's like done by 2 ppl. one is the crypto guy, the
other one is the history nerd...
THINGS = 137 = prime in the SOME WISDOM
<masso> then they get together and build the game... "ok, first puzzle
is your book cipher, next we take my RSA, then again one of your
rune pictures....."
now, every approach might be the right one, so I'd say all of you
interested in the thing above come to #cicada3301 to see if we can
get further with my theory...
that makes perfect sense, they woul dnot be so laze fair and say
screw th e"n"
this surely needs to be put into wiki
yeah, it's my opinion
did you try word form 5*5 .jpg'?
onion 1 and onion 2 are down right?
poetry/historic riddles always had a poetry/historic solution,
Cryptography was plain cryptography

to see how close it maps - but I am not familiar enough with boot loaders to know how close this is to any particular one. - Maybe someone else is more familiar with boot loaders and can run a diff against a probable candidate

Thank you,

Robert Lindsay

Binarizing the image such that only the pixels where green is larger than red you can see a pattern:Edit

The upper pattern has its origin at (673,593), both prime numbers

The bottom one in the horizontal direction goes from pixel 593 to 929, again prime numbers.

Furthermore, you can see black squares on the first few rows of both figures.

So you have made it. Part II starts RIGHT HERE! Go back in time to 2013. Just look back in time to see where this is going. It is no game and no dead end. <a href="http://www.youtube.com/user/pritozwebshop" target=blank class="style1">Many videos of people that were trying to debunk our story are on the web</a>. Nobody knows who we are. And still we are darker than the darkest light.

You will notice a countdown clock on the left bottom. It is counting back to the date the next round (III) starts. For now you just have to pay attention, look for clues and all the hidden info, read the questions and try to break the code.

We will update this website from time to time... Even if there is NO such thing as time...

What about the IP addresses obtained by the ciphertext comments? I tracked down the one in London to a Secure Data Management building, near Leicester Square. This seems strangely coincidental, but that could just be me.

coords lead to direct center of crosswalk. There is a data managment building but pulling up past history on the coords show it coming up in sent locations of spam emails in the past (Feb, 2013). Also looks like that managment building may run mailservers.

<soulseekah> that's RSA OAEP encryptions
<soulseekah> of the onions
<soulseekah> using as n
<soulseekah> as public key
<soulseekah> using the onions as a public key, we encrypted "all things", "All things" and "ALL THINGS"
<soulseekah> to produce more 256 byte output
<soulseekah> that may be xord with the onions
<Lurker69> soulseekah: why you encrypted exactly "all things" and not some other two words?<soulseekah> Lurker69: because the book says so it says: "All things should be encrypted"
<soulseekah> So we encrypt all things
<Lurker69> clever!

<!--Patience is a virtue-->
634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724cd48e1a81fc9bab3565f7513e3e368cd0327b47cf595afebb78d6b5bca92ba021cd6734f4362a0b341f359157173b53d49ea5dff5889d2c9de6b0d7e8c615286ce596bfa83f50b6eeabd153aaf50cd75f39929ba11fb0f8e8d611442846

The totient is never an odd number (exept 1) so the replacement is not possible for odd non-primes. Positions were the original matrix contained odd non-primes are marked by ???. Note that this is no longer a magic square and also cannot be made one by choosing numbers for the ???.

The non-replaceable numbers are associated with the words (obscure, shadows, form, cabal).